Red Hat Bugzilla – Bug 436116
CVE-2008-0890 DirServ 7.1: insecure default permissions on jars directory
Last modified: 2013-08-22 15:53:16 EDT
While investigating CVE-2008-0889 affecting Red Hat Directory Server 8 / Fedora
Directory Server, it was discovered that Red Hat Directory Server 7.1 RPMs
create the directory /opt/redhat-ds/java/jars as world-writable, allowing local
users to remove .jar files in this directory and replace them with modified
ones, leading to a privilege escalation.
This issue did not affect Red Hat Directory Server 7.1 for Solaris and HP-UX.
Permissions of the jars directory on those platforms were set correctly.
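
A check for the condition described above, added here as an example and not part of the original bug report or of the Directory Server packages: it lists directories that hold .jar files and are world-writable, and separates those without the sticky bit (existing jars can be unlinked and replaced by any local user, whatever the permissions on the files themselves) from those with it. The function name audit_jar_dirs and the severity labels are assumptions made for this example.

```shell
#!/bin/sh
# Added example (hypothetical helper, not shipped with Directory Server).
# Usage: audit_jar_dirs /opt/redhat-ds/java
#
# Write permission on a directory, not on the files in it, decides who may
# remove or create entries. A world-writable jars directory therefore lets
# any local user swap a jar even when every jar is root-owned and mode 0644.
#
# Output, one line per finding: "<severity> <mode> <path>"
#   REPLACEABLE  world-writable, no sticky bit: existing jars can be
#                removed and recreated by any local user
#   STICKY       world-writable with sticky bit: existing jars are
#                protected from other users, but new jars can be added
audit_jar_dirs() {
    find "$1" -type d -perm -0002 2>/dev/null |
    while IFS= read -r dir; do
        # Only report directories that directly contain at least one jar.
        first_jar=$(find "$dir" -maxdepth 1 -type f -name '*.jar' | head -n 1)
        [ -n "$first_jar" ] || continue

        # First 10 characters of ls -ld are the type and permission bits;
        # cutting there drops any trailing ACL or SELinux marker.
        mode=$(ls -ld "$dir" | cut -c1-10)

        if [ -k "$dir" ]; then
            printf 'STICKY %s %s\n' "$mode" "$dir"
        else
            printf 'REPLACEABLE %s %s\n' "$mode" "$dir"
        fi
    done
}
```

A directory reported as REPLACEABLE matches the condition in this bug; an unaffected install produces no output for the jars directory.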